package org.pointex.security;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.pointex.common.controller.BaseController;
import org.pointex.common.model.ParamObject;
import org.pointex.common.util.MD5Util;
import org.pointex.util.RSAUtils;
import org.pointex.util.StringUtil;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

public class CustomLoginFilter extends UsernamePasswordAuthenticationFilter {


    public Authentication attemptAuthentication(HttpServletRequest request,
            HttpServletResponse response) throws AuthenticationException {

//        if (!request.getMethod().equals("POST")) {
//        	throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
//         }
        ParamObject obj = new ParamObject() ;
        String uid =  obtainUid(request);
        String name = obtainName(request);
        String sign = obtainSign(request); 
        
//        //解密验签
//        try { 
//            
//            obj.setName(name);
//            obj.setSign(sign);
//            obj.setUid(uid);        	
//        	if (isNuOrEmpty(obj.getUid(), obj.getName(),obj.getSign())) {
//        		throw new AuthenticationServiceException("Authentication Failed: " + request.getMethod());
//			}else{
//				RSAUtils.decryptPtion(obj);
//				//登录验证签名
//				if(!MD5Util.isSign(obj)){
//					throw new AuthenticationServiceException("Authentication Failed: " + request.getMethod());
//				}
//			}		
//			
//		} catch (Exception e) {
//			e.printStackTrace();
//			throw new AuthenticationServiceException("Authentication Failed: " + request.getMethod());
//		}        
        Object principal = (Object)uid;
        Object credentials = (Object)name ;
        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(principal,credentials);
        
        setDetails(request, authRequest);
        
        Authentication auth=this.getAuthenticationManager().authenticate(authRequest);
        if(auth.isAuthenticated()){
        	request.getSession().setAttribute("isLogin","true");
        }
        return auth;
    }
    
    
    private String obtainUid(HttpServletRequest request) {
		return request.getParameter("uid");
	}
	
	private String obtainName(HttpServletRequest request) {
		return request.getParameter("name");
	}	
	private String obtainSign(HttpServletRequest request) {
		return request.getParameter("sign");
	}	
	
	private  boolean isNuOrEmpty(String... obj) {
		boolean flag = false;
		for (String o : obj) {
			if (StringUtil.isNullOrEmpty(o)) {
				flag = true;
			}
		}
		return flag;
	}	

}